wolfcrypt/src/wc_xmss_impl.c: fix error-checking comparisons in wc_xm…

…ss_bds_state_load() and wc_xmss_bds_state_store(), and remove no-longer-needed suppression in wc_xmss_sign(). .wolfssl_known_macro_extras: remove unneeded WOLFSSL_GAISLER_BCC and WOLFSSL_NO_AES_CFB_1_8. wolfcrypt/src/dh.c: reformat overlong lines.
wolfSSL · Jan 7, 2025 · 632d1c7 · 632d1c7
1 parent 27c37b2
commit 632d1c7
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 10 deletions.
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
@@ -638,7 +638,6 @@ WOLFSSL_FRDM_K64
 WOLFSSL_FRDM_K64_JENKINS
 WOLFSSL_FUNC_TIME
 WOLFSSL_FUNC_TIME_LOG
-WOLFSSL_GAISLER_BCC
 WOLFSSL_GEN_CERT
 WOLFSSL_GETRANDOM
 WOLFSSL_GNRC
@@ -682,7 +681,6 @@ WOLFSSL_MULTICIRCULATE_ALTNAMELIST
 WOLFSSL_NONBLOCK_OCSP
 WOLFSSL_NOSHA3_384
 WOLFSSL_NOT_WINDOWS_API
-WOLFSSL_NO_AES_CFB_1_8
 WOLFSSL_NO_BIO_ADDR_IN
 WOLFSSL_NO_CLIENT
 WOLFSSL_NO_CLIENT_CERT_ERROR

diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
@@ -2549,31 +2549,41 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
          * public moduli (known primes) from RFC 7919.
          */
         #ifdef HAVE_FFDHE_2048
-        if ((pSz == sizeof(dh_ffdhe2048_p)) && (XMEMCMP(p, dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p)) == 0)) {
+        if ((pSz == sizeof(dh_ffdhe2048_p)) &&
+            (XMEMCMP(p, dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p)) == 0))
+        {
             isPrime = 1;
         }
         else
         #endif
         #ifdef HAVE_FFDHE_3072
-        if ((pSz == sizeof(dh_ffdhe3072_p)) && (XMEMCMP(p, dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p)) == 0)) {
+        if ((pSz == sizeof(dh_ffdhe3072_p)) &&
+            (XMEMCMP(p, dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p)) == 0))
+        {
             isPrime = 1;
         }
         else
         #endif
         #ifdef HAVE_FFDHE_4096
-        if ((pSz == sizeof(dh_ffdhe4096_p)) && (XMEMCMP(p, dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p)) == 0)) {
+        if ((pSz == sizeof(dh_ffdhe4096_p)) &&
+            (XMEMCMP(p, dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p)) == 0))
+        {
             isPrime = 1;
         }
         else
         #endif
         #ifdef HAVE_FFDHE_6144
-        if ((pSz == sizeof(dh_ffdhe6144_p)) && (XMEMCMP(p, dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p)) == 0)) {
+        if ((pSz == sizeof(dh_ffdhe6144_p)) &&
+            (XMEMCMP(p, dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p)) == 0))
+        {
             isPrime = 1;
         }
         else
         #endif
         #ifdef HAVE_FFDHE_8192
-        if ((pSz == sizeof(dh_ffdhe8192_p)) && (XMEMCMP(p, dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p)) == 0)) {
+        if ((pSz == sizeof(dh_ffdhe8192_p)) &&
+            (XMEMCMP(p, dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p)) == 0))
+        {
             isPrime = 1;
         }
         else

diff --git a/wolfcrypt/src/wc_xmss_impl.c b/wolfcrypt/src/wc_xmss_impl.c
@@ -2689,7 +2689,7 @@ static int wc_xmss_bds_state_load(const XmssState* state, byte* sk,
     /* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */
     sk += params->idx_len + 4 * n;
 
-    if (2 * (int)params->d - 1 < 0)
+    if (2 * (int)params->d - 1 <= 0)
         return WC_FAILURE;
 
     for (i = 0; i < 2 * (int)params->d - 1; i++) {
@@ -2748,7 +2748,7 @@ static int wc_xmss_bds_state_store(const XmssState* state, byte* sk,
     /* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */
     sk += params->idx_len + 4 * n;
 
-    if (2 * (int)params->d - 1 < 0)
+    if (2 * (int)params->d - 1 <= 0)
         return WC_FAILURE;
 
     for (i = 0; i < 2 * (int)params->d - 1; i++) {
@@ -3480,7 +3480,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
     if (ret == 0) {
         sig += params->wots_sig_len;
         /*   Add authentication path (auth) and calc new root. */
-        XMEMCPY(sig, bds->authPath, h * n); /* NOLINT(clang-analyzer-core.CallAndMessage) */
+        XMEMCPY(sig, bds->authPath, h * n);
         ret = state->ret;
     }